Currently, data is typically protected by encryption at the physical layer (e.g. by encrypting a point-to-point communications link, or an entire hard disk), or at the network layer through packet encryption (e.g. using IPsec). However, that is generally not practical for protecting data of different security levels that need to be shared between different communities. A more flexible approach is to encrypt a data object (e.g. a Word document, a paragraph within a document, or a token identifying a user, for example in a conferencing system) with an encryption key available only to those who have a right to access the object. The object can then be stored and transported without further encryption, and objects of different security levels can be placed on an open common server. The main problem in such a solution is deriving a key that is only available to a certain subset of users, and distributing that key.
In a conventional system, there is a central key management system and, every time a group of users is assigned to an object, a key is generated, used to encrypt that object and distributed to all the users authorised to access it. Alternatively, each user establishes a secure channel and requests the key if they need access to the object. The need to ensure that the keys are only provided to legitimate users gives rise to significant problems of key storage and user identity management and authentication.
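The conventional arrangement just described, as an added illustration that is not part of the original text: a central key manager holds one key per protected object, an access list per object, and a secret per enrolled user, and releases an object key only to an authenticated, authorised requester. Two things are assumptions for the sake of a self-contained example: the object cipher is HMAC-SHA256 run in counter mode as a keystream (confidentiality only, no integrity protection; a real deployment would use an authenticated cipher), and a per-user HMAC over the object identifier stands in for the authenticated secure channel over which the key request would be made. All names, identifiers and data are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterable, Set

NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF keystream (assumed stand-in for a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_object(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext; the blob can sit on an open server."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt_object(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))


def request_proof(user_secret: bytes, object_id: str) -> bytes:
    """Client side: prove possession of the enrolment secret for this request (assumed channel stand-in)."""
    return hmac.new(user_secret, object_id.encode(), hashlib.sha256).digest()


class KeyManager:
    """Central key management: one stored key per object, one ACL per object, one secret per user."""

    def __init__(self) -> None:
        self._object_keys: Dict[str, bytes] = {}   # grows with every protected object
        self._acl: Dict[str, Set[str]] = {}        # object_id -> authorised users
        self._user_secrets: Dict[str, bytes] = {}  # identity management burden lives here

    def enrol_user(self, user: str) -> bytes:
        secret = secrets.token_bytes(32)
        self._user_secrets[user] = secret
        return secret

    def protect(self, object_id: str, plaintext: bytes, authorised: Iterable[str]) -> bytes:
        key = secrets.token_bytes(32)
        self._object_keys[object_id] = key
        self._acl[object_id] = set(authorised)
        return encrypt_object(key, plaintext)

    def request_key(self, user: str, object_id: str, proof: bytes) -> bytes:
        # Authenticate the requester, then check authorisation, before releasing the key.
        secret = self._user_secrets.get(user)
        if secret is None or not hmac.compare_digest(proof, request_proof(secret, object_id)):
            raise PermissionError("request not authenticated")
        if user not in self._acl.get(object_id, set()):
            raise PermissionError("user not authorised for this object")
        return self._object_keys[object_id]

    def stored_key_count(self) -> int:
        return len(self._object_keys)


def run_demo() -> dict:
    """Constructed scenario: two memos, three users, one legitimate and two refused requests."""
    km = KeyManager()
    alice, bob, mallory = (km.enrol_user(u) for u in ("alice", "bob", "mallory"))
    memo42 = km.protect("memo-42", b"SECRET: rendezvous at dawn", ["alice", "bob"])
    km.protect("memo-43", b"UNCLASSIFIED: canteen menu", ["alice", "bob", "mallory"])
    results = {}
    key = km.request_key("alice", "memo-42", request_proof(alice, "memo-42"))
    results["alice_plaintext"] = decrypt_object(key, memo42)
    try:  # enrolled and authenticated, but not on memo-42's list
        km.request_key("mallory", "memo-42", request_proof(mallory, "memo-42"))
        results["mallory_refused"] = False
    except PermissionError:
        results["mallory_refused"] = True
    try:  # claims to be bob but proves with mallory's secret
        km.request_key("bob", "memo-42", request_proof(mallory, "memo-42"))
        results["forged_proof_refused"] = False
    except PermissionError:
        results["forged_proof_refused"] = True
    results["stored_keys"] = km.stored_key_count()
    return results


if __name__ == "__main__":
    print(run_demo())
```

The point the example makes concrete is the last sentence of the paragraph: the manager must retain a key for every object ever protected, keep an identity record for every user who may ever ask, and authenticate every request, so the key store, the user database and the authentication path are all part of the trusted computing base.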
A scheme has been proposed by S. Tsujii and T. Itoh (in “An ID-based cryptosystem based on the discrete logarithm problem”, IEEE Journal on Selected Areas in Communications, Vol. 7, No. 4, 1989, pp. 467-473) that uses the discrete log problem (discussed further below). That scheme was later extended by Tzong-Chen Wu and Yuh-Shihng Chan (in “Authorization-based Group-orientated Secure Broadcast System”, Journal of Information Science and Engineering 15, pp. 653-667 (1999)) with the intention of adding “authorisation based” access control. However, neither of those schemes is particularly general in its approach, each being limited to a specific solution. They also introduce unnecessary complexity and hence potential weaknesses. Other extensions to the Tsujii and Itoh scheme have been proposed and have been shown to be insecure (see C. S. Laih and J. Y. Lee, “Modified ID-based cryptosystem using discrete logarithm problem”, Electronics Letters, 7 Jul. 1988, Vol. 24, pp. 858-859, and S. Tsujii, T. Itoh, H. Tanaka, Tokyo Institute of Technology, “Modified ID-based cryptosystem using discrete logarithm problem (comment)”, Electronics Letters, 5 Jan. 1989, Vol. 25, pp. 77-78).
The use of one-way functions in key generation for encryption is well-known. Whilst no-one has proved the existence of functions that comply with the strict academic definition of a “one-way function”, the person skilled in the field of key generation for encryption understands that a one-way function is a function that is easy to compute, but hard to invert (i.e., no methods of computing the inversions are known that are quick enough for the inversions to be possible on practical timescales). Several known families of functions are generally believed to be one-way, and are well-known amongst persons skilled in the art. As used herein, a “one-way function” is a function that would be considered by skilled persons in the encryption community to be effectively one-way, for practical purposes.
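The one-way function this page's prior art relies on is modular exponentiation in a prime-order group, whose inverse is the discrete logarithm. The following is an added example, not part of the original text, that makes the "easy to compute, hard to invert" asymmetry visible: the forward direction is square-and-multiply in about 2·log2(x) multiplications, while the best generic inversion shown here, Shanks' baby-step giant-step, needs on the order of 2·sqrt(p) multiplications and sqrt(p) table entries. The primes 1019 and 1000003 are chosen only so the inversion finishes instantly; at the sizes used in practice the same square-root cost is what makes the function effectively one-way.

```python
import math
from typing import Optional, Set, Tuple


def _prime_factors(n: int) -> Set[int]:
    """Trial-division factorisation; fine for the toy moduli used here."""
    factors = set()
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def find_generator(p: int) -> int:
    """Smallest g generating all of Z_p^* (p assumed prime): g^((p-1)/q) != 1 for every prime q | p-1."""
    n = p - 1
    qs = _prime_factors(n)
    for g in range(2, p):
        if all(pow(g, n // q, p) != 1 for q in qs):
            return g
    raise ValueError("no generator found; is p prime?")


def forward(g: int, x: int, p: int) -> int:
    """The easy direction: x -> g^x mod p (square-and-multiply, ~2*log2(x) multiplications)."""
    return pow(g, x, p)


def dlog_bsgs(g: int, h: int, p: int) -> Tuple[Optional[int], int]:
    """The hard direction: recover x with g^x = h (mod p) by baby-step giant-step.

    Returns (x, multiplications_performed). Writes x = i*m + j with m = ceil(sqrt(p-1)):
    baby steps tabulate g^j for j < m, giant steps walk h * g^(-m*i) until a table hit.
    """
    n = p - 1
    m = math.isqrt(n) + 1            # m*m >= n, so every x in [0, n) is reachable
    work = 0
    table = {}
    cur = 1
    for j in range(m):               # baby steps: g^0, g^1, ..., g^(m-1)
        table.setdefault(cur, j)
        cur = cur * g % p
        work += 1
    giant = pow(g, n - m, p)         # g^(-m): Fermat gives g^(p-1) = 1, so g^(-m) = g^(p-1-m)
    gamma = h % p
    for i in range(m):               # giant steps: h, h*g^-m, h*g^-2m, ...
        j = table.get(gamma)
        if j is not None:
            return i * m + j, work
        gamma = gamma * giant % p
        work += 1
    return None, work


if __name__ == "__main__":
    for p, x in ((1019, 777), (1000003, 123456)):
        g = find_generator(p)
        h = forward(g, x, p)
        recovered, work = dlog_bsgs(g, h, p)
        print(f"p={p} g={g}: g^{x} = {h}; BSGS recovered x={recovered} in {work} multiplications "
              f"(brute force would need up to {p - 2})")
```

The function is not one-way for these toy parameters, which is the point: BSGS and its relatives cost about sqrt(group order), so a 1024-bit prime with a 160-bit subgroup needs roughly 2^80 group operations to invert generically, while the forward direction is a few hundred modular squarings. Sub-exponential index-calculus methods push the required modulus size higher still, which is why Z_p^* moduli in current use are 2048 bits or more.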
It would be advantageous to provide a method and system in which one or more of the aforementioned disadvantages is eliminated or at least reduced. It would be advantageous to eliminate or reduce the infrastructure and management needed to manage keys and related information in systems where data objects need to be encrypted and shared, reducing the cost of development, deployment and maintenance of such systems. It would also be advantageous to provide a method and system for establishing a common key for a multiparty communication on systems such as combat net radio, or voice conferences.